PatchSiren cyber security CVE debrief
CVE-2026-22553 InSAT CVE debrief
CVE-2026-22553 is a critical command-injection vulnerability in InSAT MasterSCADA BUK-TS, affecting all versions. According to CISA, a malicious user interacting with the MMadmServ web interface may be able to inject operating-system commands and potentially achieve remote code execution. The advisory was publicly published on 2026-02-24.
- Vendor: InSAT
- Product: MasterSCADA BUK-TS
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-24
- Original CVE updated: 2026-02-24
- Advisory published: 2026-02-24
- Advisory updated: 2026-02-24
Who should care
OT/ICS operators, SCADA administrators, plant engineers, security teams responsible for industrial control environments, and incident responders supporting deployments of InSAT MasterSCADA BUK-TS.
Technical summary
CISA’s advisory states that all versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in the MMadmServ web interface. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable issue with low attack complexity that requires no privileges and no user interaction, and the source notes that exploitation could lead to remote code execution. No remediation patch is described in the supplied corpus; the advisory instead directs users to contact InSAT for additional information.
Defensive priority
Critical. Treat as an immediate mitigation and exposure-reduction issue for any deployed instance of the product.
Recommended defensive actions
- Inventory whether InSAT MasterSCADA BUK-TS is deployed anywhere in your environment, including lab, test, and vendor-managed systems.
- Restrict access to the MMadmServ web interface to trusted management networks only, or remove external reachability entirely.
- Place the affected service behind VPN, jump host, or other administrative access controls where possible.
- Apply network segmentation and least-privilege controls to reduce the blast radius if the vulnerable interface is abused.
- Monitor for unusual web requests to MMadmServ and for unexpected child processes or shell activity on hosts running the product.
- Contact InSAT using the remediation contacts listed in the advisory for vendor guidance and update status.
- If the product must remain online, document compensating controls and validate backup/recovery procedures in case of compromise.
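The monitoring action above (unexpected child processes or shell activity under the product) can be checked against process-creation telemetry. The following is an added example, not code from CISA or InSAT; it assumes the service's process image name contains "mmadmserv" and that events carry pid, ppid, image and cmdline fields, and all sample events are constructed.

```python
# Added example: flag shells and tools descended from the MMadmServ service.
# Assumptions (not from the advisory): the service image name contains
# "mmadmserv"; process-creation events expose pid, ppid, image and cmdline.
import ntpath

SERVICE_MARKER = "mmadmserv"  # assumed image-name fragment, adjust to your host
SUSPECT_IMAGES = {"sh", "bash", "dash", "cmd.exe", "powershell.exe",
                  "wget", "curl", "python", "python3", "perl"}

def image_name(path):
    # ntpath splits on both "/" and "\\", so one call covers either OS.
    return ntpath.basename(path).lower()

def find_suspicious(events):
    """Return suspect processes whose ancestry includes the service."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["image"]) not in SUSPECT_IMAGES:
            continue
        chain, seen, cur = [], set(), e
        while cur and cur["pid"] not in seen:  # seen-set guards against loops
            seen.add(cur["pid"])
            chain.append(image_name(cur["image"]))
            cur = by_pid.get(cur["ppid"])
        # chain[0] is the process itself; only its ancestors count.
        if any(SERVICE_MARKER in name for name in chain[1:]):
            hits.append({"pid": e["pid"], "cmdline": e["cmdline"],
                         "chain": " <- ".join(chain)})
    return hits

# Constructed sample events (paths, pids and command lines are made up).
SAMPLE_EVENTS = [
    {"pid": 1, "ppid": 0, "image": "/sbin/init", "cmdline": "init"},
    {"pid": 410, "ppid": 1, "image": "/opt/example/MMadmServ", "cmdline": "MMadmServ"},
    {"pid": 977, "ppid": 410, "image": "/bin/sh", "cmdline": "sh -c <redacted>"},
    {"pid": 978, "ppid": 977, "image": "/usr/bin/wget", "cmdline": "wget <redacted>"},
    {"pid": 620, "ppid": 1, "image": "/usr/sbin/sshd", "cmdline": "sshd"},
    {"pid": 700, "ppid": 620, "image": "/bin/bash", "cmdline": "-bash"},
    {"pid": 55, "ppid": 4, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe"},
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit["pid"], hit["chain"], "|", hit["cmdline"])
```

Real telemetry reuses PIDs, so key the lookup on a process GUID or on (pid, start time) where the sensor provides one, and baseline any helper processes the service legitimately starts before alerting.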
Evidence notes
This debrief is based on the CISA CSAF advisory (ICSA-26-055-01) published 2026-02-24 and the supplied source item for CVE-2026-22553. The corpus states that all versions of InSAT MasterSCADA BUK-TS are affected by OS command injection in the MMadmServ web interface and that exploitation may lead to remote code execution. The advisory also notes that InSAT had not responded to CISA requests to work on mitigation. The published CVE date used here is the CVE publication timestamp provided in the corpus, not any generation or review date.
Official resources
- CVE-2026-22553 CVE record (CVE.org)
- CVE-2026-22553 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in advisory ICSA-26-055-01 on 2026-02-24. The supplied source notes that InSAT had not responded to mitigation requests at the time of publication.